For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Log tcp Connections.

Problem this snippet solves:

This code can be used to log tcp connections to assist with troubleshooting issues. These could include tracking connections to a pool member or tracking what the source IP is.

How to use this snippet:

This can be used in whole or in part depending on what you are trying to track down.

Code :

when CLIENT_ACCEPTED {
  log local0. "in CLIENT ACCEPTED 
  CLIENT = [IP::client_addr]:[TCP::client_port] 
  CLIENT LOCAL = [IP::local_addr]:[TCP::local_port] 
"
}

when CLIENT_CLOSED {
  log local0. "in CLIENT_CLOSED
  CLIENT = [IP::client_addr]:[TCP::client_port] 
  CLIENT LOCAL = [IP::local_addr]:[TCP::local_port] 
"
}  

when LB_SELECTED {
  log local0. "in LB_SELECTED
  CLIENT = [IP::client_addr]:[TCP::client_port] 
  CLIENT LOCAL = [IP::local_addr]:[TCP::local_port] 
"
}

when SERVER_CONNECTED {
  log local0. "in SERVER_CONNECTED 
  CLIENT = [IP::client_addr]:[TCP::client_port] 
  CLIENT LOCAL = [clientside {IP::local_addr}]:[clientside {TCP::local_port}]
  SEVER LOCAL = [IP::local_addr]:[TCP::local_port] 
  SERVER  = [IP::server_addr]:[TCP::server_port]
"
}  

when SERVER_CLOSED {
  log local0. "in SERVER_CLOSED   
  SEVER LOCAL = [IP::local_addr]:[TCP::local_port] 
  SERVER  = [IP::server_addr]:[TCP::server_port]
"
}

Tested this on version:

No Version Found
Published Jul 15, 2019
Version 1.0
No CommentsBe the first to comment